Skip to content

Dirty pages deduplication between diff and base layer for memory#2590

Draft
bchalios wants to merge 6 commits intomainfrom
feat/compact-diff
Draft

Dirty pages deduplication between diff and base layer for memory#2590
bchalios wants to merge 6 commits intomainfrom
feat/compact-diff

Conversation

@bchalios
Copy link
Copy Markdown
Contributor

@bchalios bchalios commented May 7, 2026

WIP

bchalios added 6 commits May 7, 2026 16:08
@bchalios
feat(memfd): parse memfd from Firecracker when passed over
676f951 
We are making a larger change to enable memfd-backed guest memory in
Firecracker. When enabled, Firecracker passes over the memfd file
descriptor over the UFFD UDS, alongside the UFFD file descriptor.

Parse this and create a Memfd object, which we can later use to interact
with the sandbox memory.

Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@bchalios
feat(memfd): use memfd to export sandbox memory
51099c0 
Currently, orchestrator calls process_vm_readv() system call to copy
memory from Firecracker process into the cache backing file.

Add logic to use read directly from memfd, when that is present.

Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@bchalios
feat(memfd): add feature flag for memfd
8365c34 
Add a feature flag that controls whether the orchestrator will instruct
Firecracker to use memfd for backing the guest memory.

Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@bchalios
WIP: introduce Cache deduplication logic
60e0058 
Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@bchalios
WIP: use copy_file_range
e8f6195 
Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@bchalios
WIP: dedup test
2b6ebdd 
Signed-off-by: Babis Chalios <babis.chalios@e2b.dev>
@cla-bot cla-bot Bot added the cla-signed label May 7, 2026
@cursor
Copy link
Copy Markdown

cursor Bot commented May 7, 2026
edited
Loading

PR Summary

High Risk
Touches snapshot restore and memory export paths (UFFD/Firecracker integration), where FD ownership/cleanup bugs or mismatched Firecracker support can break resume/pause or leak resources.

Overview
The new 4KiB page-level Cache.Dedup logic and tests are added but not wired into the pause/snapshot flow, so the PR title’s deduplication behavior won’t take effect yet. The new memfd-backed restore/export path depends on Firecracker sending an extra fd over the UFFD socket; if a different number of fds/control messages is received (or an unexpected count >2), the current parsing/cleanup is brittle and may leak fds or fail resumes. The dedup implementation allocates blockSize buffers and does full byte comparisons for every dirty block, which can be expensive for large dirty sets and may increase orchestrator memory/CPU during pause.

Reviewed by Cursor Bugbot for commit 2b6ebdd. Bugbot is set up for automated code reviews on this repo. Configure here.

@bchalios bchalios assigned bchalios and unassigned arkamar May 7, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 7, 2026
edited
Loading

❌ 7 Tests Failed:

Tests completed Failed Passed Skipped
2609 7 2602 5
View the full list of 7 ❄️ flaky test(s) 
github.com/e2b-dev/infra/tests/integration/internal/tests/api/metrics::TestTeamMetrics

Flake rate in main: 70.45% (Passed 39 times, Failed 93 times)

Stack Traces | 1.83s run time 
=== RUN   TestTeamMetrics
=== PAUSE TestTeamMetrics
=== CONT  TestTeamMetrics
    team_metrics_test.go:61: 
        	Error Trace:	.../api/metrics/team_metrics_test.go:61
        	Error:      	Should be true
        	Test:       	TestTeamMetrics
        	Messages:   	MaxConcurrentSandboxes should be >= 0
--- FAIL: TestTeamMetrics (1.83s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig

Flake rate in main: 72.96% (Passed 43 times, Failed 116 times)

Stack Traces | 40.5s run time 
=== RUN   TestUpdateNetworkConfig
=== PAUSE TestUpdateNetworkConfig
=== CONT  TestUpdateNetworkConfig
--- FAIL: TestUpdateNetworkConfig (40.46s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false

Flake rate in main: 73.20% (Passed 41 times, Failed 112 times)

Stack Traces | 1.55s run time 
=== RUN   TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
Executing command curl in sandbox iq5mlveyrvtd9nplyed0e
    sandbox_network_update_test.go:372: Command [curl] output: event:{start:{pid:1359}}
    sandbox_network_update_test.go:372: Command [curl] output: event:{end:{exit_code:35  exited:true  status:"exit status 35"  error:"exit status 35"}}
Executing command curl in sandbox iq5mlveyrvtd9nplyed0e
    sandbox_network_update_test.go:372: Command [curl] output: event:{start:{pid:1360}}
    sandbox_network_update_test.go:372: Command [curl] output: event:{end:{exit_code:35  exited:true  status:"exit status 35"  error:"exit status 35"}}
    sandbox_network_update_test.go:391: Command [curl] output: event:{start:{pid:1361}}
    sandbox_network_update_test.go:391: Command [curl] output: event:{data:{stdout:"HTTP/2 302 \r\nx-content-type-options: nosniff\r\nlocation: https://dns.google/\r\ndate: Thu, 07 May 2026 14:24:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: HTTP server (unknown)\r\ncontent-length: 216\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n"}}
    sandbox_network_update_test.go:391: Command [curl] output: event:{end:{exited:true  status:"exit status 0"}}
    sandbox_network_update_test.go:391: Command [curl] completed successfully in sandbox iq5mlveyrvtd9nplyed0e
    sandbox_network_update_test.go:391: 
        	Error Trace:	.../api/sandboxes/sandbox_network_out_test.go:74
        	            				.../api/sandboxes/sandbox_network_update_test.go:60
        	            				.../api/sandboxes/sandbox_network_update_test.go:391
        	Error:      	An error is expected but got nil.
        	Test:       	TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
        	Messages:   	https://8.8.8.8 should be blocked
--- FAIL: TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false (1.55s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost

Flake rate in main: 54.20% (Passed 60 times, Failed 71 times)

Stack Traces | 0s run time 
=== RUN   TestBindLocalhost
=== PAUSE TestBindLocalhost
=== CONT  TestBindLocalhost
--- FAIL: TestBindLocalhost (0.00s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost/bind_localhost

Flake rate in main: 60.22% (Passed 37 times, Failed 56 times)

Stack Traces | 13.9s run time 
=== RUN   TestBindLocalhost/bind_localhost
=== PAUSE TestBindLocalhost/bind_localhost
=== CONT  TestBindLocalhost/bind_localhost
Executing command python in sandbox im2an8zjfm75t4lfasuc1
    localhost_bind_test.go:69: Command [python] output: event:{start:{pid:1264}}
Executing command python in sandbox is5tswaqmr2x93t0ym53q
    localhost_bind_test.go:90: 
        	Error Trace:	.../tests/envd/localhost_bind_test.go:90
        	Error:      	Not equal: 
        	            	expected: 200
        	            	actual  : 502
        	Test:       	TestBindLocalhost/bind_localhost
        	Messages:   	Unexpected status code 502 for bind address localhost
--- FAIL: TestBindLocalhost/bind_localhost (13.93s)

github.com/e2b-dev/infra/tests/integration/internal/tests/orchestrator::TestSandboxMemoryIntegrity

Flake rate in main: 60.50% (Passed 47 times, Failed 72 times)

Stack Traces | 78s run time 
=== RUN   TestSandboxMemoryIntegrity
=== PAUSE TestSandboxMemoryIntegrity
=== CONT  TestSandboxMemoryIntegrity
    sandbox_memory_integrity_test.go:26: Build completed successfully
--- FAIL: TestSandboxMemoryIntegrity (77.95s)

github.com/e2b-dev/infra/tests/integration/internal/tests/orchestrator::TestSandboxMemoryIntegrity/tmpfs_hash

Flake rate in main: 64.08% (Passed 37 times, Failed 66 times)

Stack Traces | 27.2s run time 
=== RUN   TestSandboxMemoryIntegrity/tmpfs_hash
=== PAUSE TestSandboxMemoryIntegrity/tmpfs_hash
=== CONT  TestSandboxMemoryIntegrity/tmpfs_hash
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{start:{pid:1253}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stdout:"Total memory: 985 MB\nUsed memory before tmpfs mount: 189 MB\nFree memory before tmpfs mount: 796 MB\nMemory to use in integrity test (80% of free, min 64MB): 636 MB\n"}}
Executing command bash in sandbox ihmxwpg3nvszu9hjgbc5i (user: root)
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"636+0 records in\n636+0 records out\n666894336 bytes (667 MB, 636 MiB) copied, 3.1406 s, 212 MB/s\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\tCommand being timed: \"dd if=/dev/urandom of=/mnt/testfile bs=1M count=636\"\n\tUser time (seconds): 0.00\n\tSystem time (seconds): 3.12\n\tPercent of CPU this job got: 99%\n\tElapsed (wall clock) time (h:mm:ss or m:ss): 0:03.14\n\tAverage shared text size (kbytes): 0\n\tAverage unshared data size (kbytes): 0\n\tAverage stack size (kbytes): 0\n\tAverage total size (kbytes): 0\n\tMaximum resident set size (kbytes): 2700\n\tAverage resident set size (kbytes): 0\n\tMajor (requiring I/O) page faults: 2\n\tMinor (reclaiming a frame) page faults: 344\n\tVoluntary context switches: 3\n\tInvoluntary context switches: 10\n\tSwaps: 0\n\tFile system inputs: 176\n\tFile system outputs: 0\n\tSocket messages sent: 0\n\tSocket messages received: 0\n\tSignals delivered: 0\n\tPage size (bytes): 4096\n\tExit status: 0\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stdout:"Used memory after tmpfs mount and file fill: 830 MB\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{end:{exited:true  status:"exit status 0"}}
    sandbox_memory_integrity_test.go:70: Command [bash] completed successfully in sandbox i0drgdvprycxhjmx7hrei
Executing command bash in sandbox i0drgdvprycxhjmx7hrei (user: root)
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{start:{pid:1269}}
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{data:{stdout:"3f8a8fc2412daa907a18df95e651f837e90a74092b7bc6cedbc39164f5737231\n"}}
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{end:{exited:true  status:"exit status 0"}}
    sandbox_memory_integrity_test.go:74: Command [bash] completed successfully in sandbox i0drgdvprycxhjmx7hrei
Executing command bash in sandbox i0drgdvprycxhjmx7hrei (user: root)
    sandbox_memory_integrity_test.go:99: Command [bash] output: event:{start:{pid:1272}}
    sandbox_memory_integrity_test.go:100: 
        	Error Trace:	.../tests/orchestrator/sandbox_memory_integrity_test.go:100
        	Error:      	Received unexpected error:
        	            	failed to execute command bash in sandbox i0drgdvprycxhjmx7hrei: invalid_argument: protocol error: incomplete envelope: unexpected EOF
        	Test:       	TestSandboxMemoryIntegrity/tmpfs_hash
--- FAIL: TestSandboxMemoryIntegrity/tmpfs_hash (27.22s)

To view more test analytics, go to the Test Analytics Dashboard
📋 Got 3 mins? Take this short survey to help us improve Test Analytics.

@bchalios bchalios changed the title Dirty pages deduplication between diff and base layer Dirty pages deduplication between diff and base layer for memory May 7, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements memfd-backed guest memory support for Firecracker, enabling the orchestrator to retrieve dirty pages via pread on a shared file descriptor instead of process_vm_readv. Key changes include a new 4KiB page deduplication routine in the block cache, updates to the UFFD handler to manage the received memfd, and integration into the sandbox lifecycle via a new feature flag. I have no feedback to provide as the implementation is robust and no issues were identified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas will be requested when the pull request is marked ready for review ValentaTomas is a code owner

@jakubno jakubno Awaiting requested review from jakubno jakubno will be requested when the pull request is marked ready for review jakubno is a code owner

@dobrac dobrac Awaiting requested review from dobrac dobrac will be requested when the pull request is marked ready for review dobrac is a code owner

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@bchalios bchalios

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bchalios @arkamar